EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-3539 - Vulnerability Database

EspoCRM

EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-3539

Medium

Reference: CVE-2021-3539

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-3539

Title: EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.